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(54) A mobile terminal authentication method and a mobile terminal therefor 



(57) A mobile terminal authentication method used 
for utilizing a service supplied from an information server 
to a mobile terminal is provided. The method authenti- 
cates the mobile terminal based on user information by 
which the information server identifies the mobile termi- 
nal. The method comprises an authentication step by 
the mobile terminal, carrying out an authentication using 



biometric information representing a user's biometric 
characteristic and read by a reading device, and previ- 
ously registered user's biometric information; and a 
transmitting step by the mobile terminal, transmitting the 
user information to the information server when the bi- 
ometric information read by the reading device coin- 
cides with the previously registered user's biometric in- 
formation. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Held of the Invention 

[0001] The present invention generally relates to mo- 
bile terminal authentication methods and mobile termi- 
nals therefor, and specifically relates to a user authen- 
tication method employed when doing commercial 
transactions such as electronic commerce and mobile 
ban king via a mobile communication network and a gen- 
eral communication network such as the Internet, and 
relates to a mobile terminal for such an authentication 
method. 

2. Description of the Related Art 

[0002] In recent years, in the wake of a rapid prolifer- 
ation of mobile phones, electronic commerce using mo- 
bile phones is becoming more and more popular among 
the general public including the consuming public. Elec- 
tronic commerce includes electronic purchase over a 
communication network such as the Internet and mobile 
banking capable of checking bank balances and depos- 
iting/withdrawing money on line. Electronic commerce 
such as e-shopping over a communication network such 
as the Internet requires an individual authentication 
when settling the transaction online. This individual au- 
thentication is to confirm whether a communicating par- 
ty is really the accepted person himself/herself. Atypical 
authentication is accomplished by a password authen- 
tication method. In the password authentication method, 
a combination of a user ID and a password is used for 
authentication or collation. The password method is also 
used for login to an electronic system as well as e-com- 
merce over a communication network. Other authenti- 
cation technologies using biometric information such as 
fingerprints are being much discussed these days. For 
example, Japanese Patent Laid-open Publications Nos. 
4-352547 and 4-352548 disclose, an authentication 
technology in which fingerprint authentication is carried 
out in a mobile phone and calling from an individual 
phone number is allowed only when the phone number 
is successfully authenticated. Further, Japanese Patent 
Laid-open Publications Nos. 2000-307715 and 
2000-59501 propose an authentication technology in 
which acceptance/rejection of calling from a mobile 
phone is controlled based on a result of biometric infor- 
mation (fingerprint, iris) collation. 

[0003] In the above referenced technologies, howev- 
er, the individual authentication is performed in a mobile 
phone in order to make mobile phone functions valid/ 
invalid. These technologies cannot realize personal or 
individual authentication in servers by which financial in- 
stitutions or shops settle transactions over a communi- 
cation network. Therefore, whenever mobile terminal 
users conduct e-commerce or mobile banking over mo- 



bile communication network (e.g. PDC-P network), they 
have to input user data (e.g. user data = user ID and 
password) into their mobile terminals and transmit the 
user data to a settlement server each time. The user 
5 data are different from bank to bank or from e-shop to 
e-shop. In the settlement server, user authentication is 
carried out based on the user ID and password sent from 
the mobile terminal. 

[0004] As mentioned above, when mobile terminal us- 
10 ers conduct e-commerce or mobile banking over a com- 
munication network, they have to find out a unique user 
ID and password for each transaction and input them 
into their mobile phones manually and send them. Fur- 
ther, mobile terminal users have to strictly administer 
is each user ID and password for each bank or shop re- 
spectively. It is burdensome for users having various 
transactions to administer user IDs and passwords so 
they are not stolen by others. And after finding out the 
correct user ID and password with some difficulty, it is 
20 burdensome to input them manually, especially so when 
the user has mistakenly input the user ID and password 
and has to input them again from the beginning. 



25 



SUMMARY OF THE INVENTION 



[0005] Accordingly, it is one object of the present in- 
vention to provide a mobile terminal authentication 
method, which enables users to easily find out a user 
ID and password and transmit them to an authentication 
30 server while keeping tight security. 

[0006] It is another object of the present invention to 
provide a mobile terminal, which can perform individual 
authentication using such a method. 
[0007] Another and more specific object of the 
35 present invention is to provide a mobile terminal authen- 
tication method used for utilizing a service supplied from 
an information server to a mobile terminal communicat- 
ing with the information server via a radio path, the mo- 
bile terminal authentication method authenticating the 
40 mobile terminal based on user information by which the 
information server identifies the mobile terminal. The 
method comprises an authentication step by the mobile 
terminal, carrying out an authentication using biometric 
information representing a user's biometric characteris- 
45 tic and read by a reading device, and previously regis- 
tered user's biometric information; and a transmitting 
step by the mobile terminal, transmitting the user infor- 
mation to the information server when the biometric in- 
formation read by the reading device coincides with the 
so previously registered user's biometric information. In 
addition, the user information may be information relat- 
ing to a process of the biometric information authentica- 
tion. Alternatively the user information includes at least 
either one of information relating to a process of the bi- 
55 ometric information authentication and information rep- 
resenting a history of the process. 
[0008] Still another object of the present invention is 
to provide a mobile terminal authentication method used 
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for utilizing a service supplied from an information server 
to a mobile terminal communicating with the information 
server via a radio path, the mobile terminal authentica- 
tion method authenticating the mobile terminal based on 
the user's biometric information by which the informa- 
tion server identifies the mobile terminal. The method 
comprises a registration step for previously registering 
the user's biometric information in the mobile terminal 
and the information server; an authentication step by the 
mobile terminal, carrying out an authentication using bi- 
ometric information representing the user's biometric 
characteristic and read by a reading device, and the pre- 
viously registered user's biometric information; and a 
transmitting step by the mobile terminal, transmitting the 
user's biometric information read by the reading device 
to the information server when the biometric information 
read by the reading device coincides with the previously 
registered user's biometric information. In addition, the 
mobile terminal authentication method further compris- 
es a determining step by the mobile terminal, counting 
the number of the authentications carried out when the 
user's biometric information read by the reading device 
coincides with the previously registered user's biometric 
information, and determining whetherthe number of the 
authentications carried out exceeds a predetermined 
number; and a collation step at the mobile terminal, in- 
putting a personal identification number (PIN) when the 
number of the authentications carried out is determined 
to exceed the predetermined number, and collating the 
input PIN with a previously registered PIN. In addition, 
the mobile terminal previously registers a combination 
and sequence of a plurality of user's biometric informa- 
tion sets as the user's biometric information; the mobile 
terminal carries out the authentication using the previ- 
ously registered user's biometric information and a plu- 
rality of user's biometric information sets read by the 
reading device; and the mobile terminal considers the 
user to be an authorized user when the plurality of user's 
biometric information sets read by the reading device 
are determined to coincide with the previously regis- 
tered user's biometric information. 
[0009] A further object of the present invention is to 
provide a mobile terminal communicating with an infor- 
mation server via a radio path to utilize a service sup- 
plied from the information server, the mobile terminal be- 
ing authenticated by the information server based on us- 
er information by which the information server identifies 
the mobile terminal. The mobile terminal comprises an 
individual authentication unit for carrying out an authen- 
tication using biometric information representing a us- 
er's biometric characteristic and read by a reading de- 
vice, and previously registered user's biometric informa- 
tion; and a transmission unit for transmitting the user 
information to the information server when the biometric 
information read by the reading device is considered to 
coincide with the previously registered user's biometric 
information. In addition, the transmission unit transmits 
information relating to a process of the biometric infor- 



mation authentication as the user information to the in- 
formation server. The transmission unit transmits at 
least either one of information relating to a process of 
the biometric information authentication and information 
5 representing a history of the process as the user infor- 
mation to the information server. 
[0010] Another object of the present invention is to 
provide a mobile terminal communicating with an infor- 
mation server via a radio path to utilize a service sup- 
10 plied from the information server, the mobile terminal be- 
ing authenticated by the information server based on the 
user's biometric information by which the information 
server identifies the mobile terminal, the user's biomet- 
ric information being previously registered in the mobile 
15 terminal and the information server. The mobile terminal 
comprises an individual authentication unit for carrying 
out an authentication using user's biometric information 
read by a reading device, and the previously registered 
user's biometric information; and a transmission unit for 
20 transmitting the user's biometric information read by the 
reading device to the information server when the user's 
biometric information read by the reading device is con- 
sidered to coincide with the previously registered user's 
biometric information. In addition, the mobile terminal 
25 further comprises an authentication number determin- 
ing unit for counting the number of the authentications 
carried out when the user's biometric information read 
by the reading device coincides with the previously reg- 
istered user's biometric information, and determining 
30 whetherthe number of the authentication carried out ex- 
ceeds a predetermined number; and a personal identi- 
fication number(PIN) collation unit for receiving a PIN 
when the number of authentication carried out is deter- 
mined to exceed the predetermined number, and collat- 
es ing the received PIN with a previously registered PIN. 
The mobile terminal further comprises a biometric infor- 
mation registration unit for registering a combination 
and sequence of a plurality of user's biometric informa- 
tion sets as the user's biometric information; a biometric 
40 information authentication unit for carrying out the au- 
thentication using the previously registered user's bio- 
metric information and a plurality of user's biometric in- 
formation sets read by the reading device; and a bia- 
metric information determining unit for determining 
45 whetherthe plurality of user's biometric information sets 
read by the reading device coincides with the previously 
registered user's biometric information. 
[0011] Features and advantages of the present inven- 
tion will be setforth in the description, which follows, and 
so in part will become apparent from the description and 
the accompanying drawings, or may be learned by prac- 
tice of the invention according to the teachings provided 
in the description. Objects as well as other features and 
advantages of the present invention will be realized and 
55 attained by an apparatus particularly pointed out in the 
specification in such full, clear, concise, and exact terms 
as to enable a person having ordinary skill in the art to 
practice the invention. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
[0012] 

FIG. 1 shows a communication system that an em- 
bodiment of the present invention can be applied to; 
FIG. 2 is a block diagram of a mobile terminal shown 
in FIG. 1; 

FIG. 3 is a flowchart showing a process of initially 
registering a fingerprint according to the present in- 
vention; 

FIG. 4 is a flowchart showing a process of register- 
ing user data according to the present invention; 
FIG. 5 shows a user data administration table ac- 
cording to the present invention; 
FIG. 6 is a flowchart showing a process of initially 
registering user data Into an information server ac- 
cording to Example 1 of the present invention; 
FIG. 7 shows a display of the mobile terminal when 
sending user data; 

FIG. 8 is a flowchart showing a process of using au- 
thentication according to Example 1 of the present 
invention; 

FIG. 9 is a flowchart showing a process of initially 
registering a fingerprint in a server according to Ex- 
ample 2 of the present invention; 
FIG. 1 0 is a flowchart showing a process of using 
authentication according to Example 2 of the 
present invention; 

FIG. 11 is a flowchart showing a process of entering 
the fingerprint authentication request mode accord- 
ing to Example 2 of the present invention; 
FIG. 12 is a flowchart showing a case where the 
fingerprint authentication gives multiple times of NG 
(No Good) according to Example 2 of the present 
invention; 

FIG. 13 is a flowchart showing a process of initially 
registering multiple fingerprints according to Exam- 
ple 2 of the present invention; and 
FIG. 1 4 is a flowchart showing a process of authen- 
ticating multiple fingerprints according to Example 
2 of the present invention. 



DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 



[0013] In the following, embodiments of the present 
invention will be described with reference to the accom- 
panying drawings. 

[0014] FIG. 1 shows a communication system to 
which a mobile terminal authentication method of the 
embodiment of the present invention is applied. 
[0015] In this communication system shown in FIG. 1, 
a user can communicate with servers 200, 300, 400 and 
500 through a mobile terminal 1 0 over a mobile commu- 
nication network 20 (e.g. PDC-P(Personal Digital Cellu- 
lar-Packet) network) and a general communication net- 
work such as the internet 1 00. The servers 200 and 300 



can be used by e-shops or business enterprises for set- 
tling commercial goods sales, and referred to later as a 
"server 200 for shop enterprise A" and a "server 300 for 
shop enterprise B" respectively. The servers 400 and 
s 500 can be used by a bank and a securities company 
for settling their financial accounts, and therefore re- 
ferred to later as a "server 400 for bank C" and a "server 
500 for securities D", respectively. In each server, re- 
spective transaction settlement is carried out based on 
10 individual authentication. In FIG. 1 , the mobile terminal 
10 can radio-communicate with a radio node (e.g. a ra- 
dio base station, not shown) in the PDC-P network 20, 
and communicate with each of servers 200-500 via the 
Internet 100 for respective settlements. In the mobile 
is terminal 1 0 and each server 200-500 as a commercial 
transaction party, individual authentication is carried out 
in order to verify identity when doing commercial busi- 
ness. 

[0016] Referring to FIG. 2, the mobile terminal 10 
20 comprises a radio unit (RF/IF) 21 , a signal processor 22, 
a controller 23, a biometric information reader 24, a data 
memory 25, a display 26, an input unit27, a microphone 
28, a speaker 29 and a timer 30. 
[0017] The radio unit 21 modulates a base band sig- 
25 nal output from the signal processor 22, and converts it 
to a radio frequency signal. The radio unit 21 also de- 
modulates a radio frequency signal received at the an- 
tenna and converts it to a base band signal. The signal 
processor 22 performs voice-encoding process on an 
30 analog voice signal input mainly at the microphone 28 
to covert it to a digital signal. The biometric information 
reader 24 reads biometric information such as a finger- 
print, a retina pattern, a voiceprint, a face line and the 
like input at a predetermined input unit(not shown) and 
35 transmits it to the controller 23. The timer 30 is used for 
setting time for monitoring input leaving at the input unit 
27. . 

[0018] The controller 23 controls each unit in the mo- 
bile terminal 10. For example, the controller performs 
40 an extracting process on the biometric information 
transmitted from the biometric information reader 24, 
and transmits characteristic data extracted out in the ex- 
tracting process to the data memory 25. The data mem.- 
ory 25 stores the characteristic data. In this embodi- 
^5 ment, the raw biometric data from the biometric reader 
24 is not stored as it is, but the characteristic data are 
stored after the controller 23 has extracted biometric 
features out. However, the data memory 25 may store 
the raw biometric data. 
50 [0019] The controller has an authentication function 
of collating the biometric information input from the bio- 
metric reader 24 with the biometric information stored 
in the data memory 25. 

[0020] The controller 23 is connected to the input unit 
55 27 for inputting phone numbers and various commands, 
and connected to the display 26 for showing various da- 
ta and information necessary for individual authentica- 
tion according to the present invention. 
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[0021] FIG. 3 shows a process for initially registering 
biometric information (=data) used for the mobile termi- 
nal authentication according to the present invention. 
The biometric information includes fingerprints, retina 
patterns, face outlines, voiceprints and the like. In this s 
embodiment, fingerprints are utilized as the biometric in- 
formation. 

[0022] In FIG. 3, when a user activates the mobile ter- 
minal 10, a menu list appears on the display 26. When 
the user selects a fingerprint registration mode from the 10 
menu list, a password requesting screen appears. The 
user inputs his/her password at step S1 , and then the 
controller 23 collates the input password with a pass- 
word previously registered in the data memory 25 by the 
user at step S2. If the controller 23 determines "OK" in '5 
the collation step (S2) , the process goes to the next step 

(53) . If the controller 23 determines M NG" (No Good), 
the process returns to the password requesting screen. 
[0023] When the collation resulL is "OK", fingerprint in- 
formation (referred to as "fingerprint data" later) is reg- 20 
istered at the step S3. The fingerprint data registration 
process is accomplished as follows. 

[0024] The user places his/her own finger on a prede- 
termined portion of the biometric information reader 24, 
and then the fingerprint data are read by the biometric 25 
information reader 24. The read fingerprint data are ex- 
tracted by the controller 23 and sent to the data memory 
25 for storing. 

[0025] In this manner, the user's fingerprint data are 
normally (correctly) registered in the data memory 25 at 30 
step S4. After successful registration of the fingerprint 

(54) , it is determined whether there exists an additional 
fingerprint to be registered at step S5. If it is determined 
at step S5 that there exists an additional fingerprint to 

be registered, then the process goes back to step S3 35 
and repeats steps S3, S4 and S5 to register all remain- 
ing fingerprints. If it is determined at step S5 that there 
is no additional fingerprint to be registered, then the reg- 
istration process is finished. If the fingerprint is not nor- 
mally (correctly) registered in the data memory 25 (Step *o 
S4), then the fingerprint reading and registering process 
is performed again (S3). In this embodiment, the total 
number of fingerprints to be registered is assumed to be 
3. Therefore, the initial registration process is not fin- 
ished until all the data for all three fingerprints are cor- «5 
rectly registered. The determining step S5 determines 
whether the number of registered fingerprints reaches 
3 or not. 

[0026] The registered fingerprint data can be deleted 
after inputting the password into the mobile terminal in so 
the same manner as in the registration process men- 
tioned above. (Note: I do not understand how the pre- 
ceding sentence is true.) 

[0027] After the fingerprints are successfully regis- 
tered in the data memory 25 in the mobile terminal 1 0, 55 
user data are registered in the mobile terminal 1 0. User 
data, also referred to as personal identification number 
(PIN), means data to be used for verifying identity. A for- 



mat of the user data is composed of, for example, 10 
characters or less of user ID plus 10 characters or less 
of password. In this embodiment, the maximum number 
of registrable user data characters is assumed to be 1 0. 
Each user data set (user ID plus password) is assigned 
by one of the servers 200-500 at a mobile terminal user's 
request. It is assumed that the user data have been al- 
ready assigned by servers 200-500 for explanatory pur- 
poses in this embodiment. 

[0028] FIG. 4 shows a process for registering the user 
data in the mobile terminal 10. In FIG. 4, the user can 
enter into a user registration mode by performing a pre- 
determined input operation on the mobile terminal 10, 
and then the fingerprint request appears on the display 
26 at step S11 . At step S12, predetermined fingerprint 
authentication is carried out. In this step SI 2 of finger- 
print authentication, the user can cause the mobile ter- 
minal 10 to read his/her fingerprint and store the finger- 
print data in area B of the data memory 25. The previ- 
ously registered fingerprint data are assumed to be 
stored in area A of the data memory 25. The controller 
23 reads out the registered fingerprint data from area A 
of the data memory 25 and user's fingerprint data from 
area B of the data memory 25, and collates them. If the 
controller 23 determines the authentication to be "OK", 
then the process goes to the next step (S14). On the 
other hand, if the controller 23 determines the authenti- 
cation to be "NG", then the process returns to the step 
S12 and starts the authentication process again. 
[0029] After the authentication is determined "OK" at 
the step S1 3, the user can input his/her user data (user 
ID and password) at the input unit 27. The user ID and 
password have been previously assigned by the server 
200 for shop enterprise A. The user inputs his/her user 
ID at step S1 4 and password at step S1 5. The user sees 
the display 26 showing the input user data to confirm 
that the input user data have no errors at step S16. If 
the input user data are confirmed to have no errors, the 
user finally fixes the input user data to be entered into 
the mobile terminal 1 0 for registration by hitting an "input 
fixed" button. In this embodiment, the user ID is used as 
the user data name by default setting. In this way, the 
registration of the user data assigned by the server 20Q 
for shop enterprise A is completed. 
[0030] Next, other user data assigned by server 300 
for shop enterprise B, server 400 for bank C and server 
500 for securities D can be input to the mobile terminal 
10 and registered therein. After all the registrations are 
completed, all the user data are held in the data memory 
25 as a table (referred to as a "user data administration 
table") shown in FIG. 5. 

[0031] The user data administration table shown in 
FIG. 5 is like a telephone directory. When a desired reg- 
istration number is designated, its user ID and password 
appear on the display 26 for confirmation. This table 
contains registration numbers (1), user IDs(2), pass- 
words (3) and remarks (4) from the left to the right. 
[0032] In this example shown in FIG. 5, a user ID 
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"12345 and a password for the shop enterprise A 
are registered as the first user data (Reg. No. 1). A user 
ID "123ab .." and a password for the shop enterprise 
B are registered as the second user data (Reg. No. 2). 
A user ID "ABCDE .. .." and a password for the bank C 5 
are registered as the third user data (Reg. No. 3). A user 
ID "ABCab .. .." and a password forthe securities D are 
registered as the fourth user data (Reg. No. 4). 
[0033] In this manner, according to this embodiment, 
the user data are previously registered in the user data io 
administration table. Therefore, the user can easily as- 
certain the user ID and password necessary for a de- 
sired transaction party, by only calling up the user data 
administration table and designating the corresponding 
registration number. 15 
[0034] As explained above, user data can be regis- 
tered only after the fingerprint authentication has been 
successfully carried out. Further the correction and de- 
letion of the registered user data also need the finger- 
print authentication, and therefore high security can be 20 
kept. 

[0035] Next, referring to FIG. 6, a transaction example 
1 according to the present invention will be explained, 
in which commercial transactions such as e-commerce 
and mobile banking are accomplished over a communi- 25 
cation network based on fingerprint authentication. 
[0036] A process for previously (initially) registering 
user data in a server, using server 200 for shop enter- 
prise A, will be explained. The server 200 is used as one 
example for explanatory purposes, and the present in- 30 
vention can be applied to any kind of sever. 

Example 1 

[0037] FIG. 6 shows a process for initially registering 35 
user data to the server 200. The mobile terminal 10 at 
first shows a user registration screen on the display 26. 
The mobile terminal user can select a user ID/password 
requesting screen (S21) from the registration screen. 
Then the user hits a menu button without inputting a user 40 
ID/password, to display a menu screen. Fingerprint au- 
thentication can be called and selected on the menu 
screen at step S22. After being selected, fingerprint au- 
thentication is carried out at step S23. If the result of the 
fingerprint authentication is "OK" at step S24, the proc- 45 
ess goes to step S25. At step S25, the controller 23 
reads out one set of previously registered user data from 
the data memory 25, which is designated by the user. 
In this Example 1, the user data set forthe server 200 
for shop enterprise A is read out. The read out user data so 
set is displayed on the display 26. For example, the dis- 
play 26 displays user name and password as shown in 
FIG. 7. 

[0038] The mobile terminal user confirms that the user 
data set (user name and password) displayed on the 55 
display 26 is the desired one, and hits a "SEND" button 
(S26) at the lower left comer of the display 26 (FIG. 7). 
In this way, the user data (user ID and password) and 



production serial number of the mobile terminal 10 are 
transmitted to the server 200 for shop enterprise A 
(S27). 

[0039] The server 200 for shop enterprise A registers 
the user data and the production serial number and 
therefore becomes able to authenticate the mobile ter- 
minal 10 on the server side. 

[0040] After the user data and the production number 
received from the mobile terminal 10 are initially regis- 
tered in the server 200 for shop enterprise A as ex- 
plained above, the user can electronically settle trans- 
actions regarding e-commerce or mobile banking. 
[0041] Referring to FIG. 8, a procedure for electroni- 
cally settljng will be explained. In this example, it is as- 
sumed that the mobile terminal user orders some goods 
from the shop enterprise A having a cyber shop on a 
communication network, and electronically pays or set- 
tles forthe purchased goods over the communication 
network. 

[0042] The mobile terminal user browses a goods cat- 
alog established on the server 200 for shop enterprise 
A. If the user finds goods that he/she wants to buy, he/ 
she inputs the item numbers of the desired goods on a 
predetermined screen to be able to purchase the goods. 
After the user decides to purchase the desired goods in 
this way, the mobile terminal 10 sends a settlement re- 
questing signal to the server 200 for shop enterprise A. 
Then the server 200 for shop enterprise A requests the 
mobile terminal 10 to send a user ID and password. 
[0043] In FIG. 8, the mobile terminal user receives the 
request for user ID and password (S31), and calls up a 
menu list screen that includes fingerprint authentication 
mode and selects the fingerprint authentication mode 
(S32). Being selected in this manner, the fingerprint au- 
thentication is processed at step S33. If the result of the 
fingerprint authentication is 11 OK" at step S34, the con- 
troller 23 reads out the designated user data set from 
the data memory 25 at step S35. For example, the user 
can refer to the user data administration table shown in 
FIG. 5 like a phone directory, and read out the user data 
(user ID "12345 .. .." and password "**•*******••) f or the 
shop enterprise A. 

[0044] After the user data set is read out by the con- 
troller 23, the display 26 of the mobile terminal 10 dis- 
plays a confirmation screen as shown in FIG. 7. The us- 
er confirms that the user data (user name and pass- 
word) displayed in this screen are the correct ones, and 
pushes a button "SEND" appearing at the lower left cor- 
ner of the display 26 (S36). When the button is pushed 
in this manner, the mobile terminal 10 transmits the fol- 
lowing information to the server 200 for shop enterprise 
A at a step S37: 

1) User data (user ID and password) ; 

2) Production number of the mobile terminal; 

3) Fingerprint authentication algorithm; and 

4) Version information of the fingerprint authentica- 
tion algorithm. 
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[0045] It Is assumed that an administrator of the serv- 
er 200 for shop enterprise A has previously downloaded 
the fingerprint authentication algorithm for allowing au- 
thentication and the version information of the finger- 
print authentication in the server 200. The server 200 
for shop enterprise A performs an individual authentica- 
tion based on the information 1) through 4) above sent 
from the mobile terminal 1 0, and carries out a predeter- 
mined process such as financial settlement only when 
the individual authentication results in "OK". 
[0046] As mentioned above, according to this exam- 
ple, the mobile terminal 1 0 at first performs a fingerprint 
authentication therein, and then reads out and sends us- 
er data (user ID and password) to the server 200 only 
when the fingerprint authentication results in OK. Then 
the server 200 for shop enterprise A receives the finger- 
print authentication algorithm and the version informa- 
tion of the algorithm in addition to the user data and pro- 
duction number of the mobile terminal 10, therefore the 
server can confirms that the transmitter is the correct 
mobile terminal 10 authenticated by the fingerprint au- 
thentication. And the fingerprint authentication is re- 
quired for reading the user data, and therefore high se- 
curity is kept while the process of reading and sending 
the user data is convenient Compared to manually in- 
putting the user data, the process of this example saves 
user's tasks and reduces the burden on the user. Fur- 
ther, the server 200 may specify a particular authentica- 
tion algorithm in advance. And the server 200 can only 
authenticate user data that was authenticated by the 
mobile terminal 1 0 using the specified authentication al- 
gorithm . And the server 200 can reject the user data that 
is authenticated by the mobile terminal 1 0 using an au- 
thentication algorithm which version is older than a pre- 
determined one. In this manner the level of security can 
be increased. 

[0047] In the above explained Example 1 , only the in- 
formation items 1 ) through 4) above are sent to the serv- 
er 200 for shop enterprise A. The present invention is 
not limited to this. Biometric information can be sent "as 
is" from the mobile terminal 1 0. 

[0048] Another example according to the present in- 
vention will be explained below with reference to FIG. 
9, In which the biometric data are sent "as is" from the 
mobile terminal 10 to a server for mobile terminal au- 
thentication. 

Example 2 

[0049] In FIG. 9, at first the user activates the mobile 
terminal 10 and selects the fingerprint authentication 
menu. And then the password input requesting screen 
appears on the display 26. The user inputs his/her pass- 
word at step S41. The controller 23 collates (authenti- 
cates) the input password with a password previously 
registered in the data memory 25 at step S42. if the au- 
thentication result is "OK" at step S42, the process goes 
to step S43, where fingerprint data and the like are reg- 



istered. This fingerprint registration is done such that a 
fingerprint read by the biometric information reader 24 
is processed by the controller 23 to obtain data such as 
a fingerprint image representing fingerprint features. 
5 Thus obtained data are stored in the data memory 25 
(S43). In this Example, fingerprint image is taken to 
mean fingerprint data to be stored in the data memory 
25. 

[0050] After the above fingerprint image is normally 
(correctly) stored in the data memory 25 (S43), the mo- 
bile terminal 10 transmits the registered fingerprint im- 
age to the server 200 for shop enterprise A. The finger- 
print image sent from the mobile terminal 1 0 is received 
and registered by the server 200 for shop enterprise A. 
[0051] On the other hand, if the authentication in the 
mobile terminal 1 0 results in "IMG" at step S42, the proc- 
ess goes to step S44. It is determined whether the 
number of times of "NG" exceeds a predetermined 
number M at step S44. If it is determined the number of 
times of "NG" does not exceed M, the process returns 
to the password input step S41 to provide the chance to 
re-try the password entry. If it is determineded that the 
number of times of "NG" exceeds M, the initial registra- 
tion fails and the registration process is terminated. 
Therefore, when the initial registration fails, the user 
should take predetermined initialization procedures and 
restart the initial registration from the beginning. 
[0052] A process for carrying out settlement utilizing 
e-commerce or mobile banking after completing the fin- 
gerprint registration in the server 200 for shop enterprise 
A will be explained below with reference to FIG. 10. In 
this part of Example 2, it is assumed that the mobile ter- 
minal user orders some goods from the shop enterprise 
A having a cyber shop on a communication network, and 
electronically pays or settles for the purchased goods 
over the communication network. 
[0053] Afterthe mobile terminal 10 sends a settlement 
requesting signal to the server 200 for shop enterprise 
A, the server200 requests the mobile terminal 10 to pro- 
vide fingerprint authentication at step S51 . 
After the fingerprint authentication request is sent to the 
mobile terminal 10 (S51), the controller 23 collates the 
fingerprint image input by the user in response to the 
fingerprint authentication request with the fingerprint im- 
age previously registered in the data memory 25.. If this 
collation results in "OK" at step S53, the fingerprint im- 
age input into the mobile terminal 1 0 by the user is sent 
to the server 200 for shop enterprise A. On the other 
hand, if the collation result is "NG", the process returns 
to step S52 to try fingerprint authentication again. 
[0054] The server 200 for shop enterprise A collates 
the fingerprint image sent from the mobile terminal 10 
with the previously registered fingerprint image. If this 
authentication gives "OK", the server 200 accepts a pre- 
determined settlement procedure. 
[0055] As explained above : according to this Example 
of the present invention, the mobile terminal 10 registers 
the same fingerprint image as the one sent to the server 
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200 for shop enterprise A. Therefore, the mobile termi- 
nal 10 carries out the fingerprint authentication using the 
same fingerprint image as the one registered in the serv- 
er 200 for shop enterprise A. The mobile terminal 10 
sends the fingerprint image to the server 200 for shop 
enterprise A only when the mobile terminal 1 0 success- 
fully authenticates the fingerprint image. Accordingly the 
possibility for the server 200 to have an error is lowered. 
[0056] When the environment surrounding fingerprint 
authentication is not ideal (for example, having rubbish 
or dust, or when a user's hands are wet), the possibility 
of having an error when the server 200 performs authen- 
tication is high. In such case, the user has to send his/ 
her fingerprint data to the server again and again, in- 
creasing the communication cost. According to this Ex- 
ample of the present invention, sending the fingerprint 
data again and again can be avoided. And the commu- 
nication cost problem is solved while Individual security 
can be kept high. 

[0057] Because registering or changing user data 
needs high security, for fingerprint authentication it is re- 
quired to enter into the user registration and change 
menu (mode). Therefore, only the identical person him- 
self/herself can register and change his/her user data. 
[0058] In FIG. 11 , the user of the mobile terminal 10 
can select fingerprint authentication request in the menu 
screen. The display 26 shows the fingerprint authenti- 
cation request screen (S61) and the fingerprint authen- 
tication is carried out at step S62. If the authentication 
result is "OK" at step S63, the process goes to selection 
menu or selection mode (S64), where user data can be 
registered and changed. At the same time, the timer 30 
for monitoring operation time in the selection mode 
starts counting (S65). This timer 30 counts non-opera- 
tion leaving time (time period while the user operates 
nothing in the mobile terminal 10) within the selection 
mode. This non-operation leaving time has a maximum 
limitation, which is referred to as "N hours". 
[0059] After the successful fingerprint authentication, 
when the user enters the selection menu, the timer 30 
starts counting (S65) and monitors the non-operation 
leaving time. At step S66, it is determined whether the 
non-operation leaving time exceeds N hours or not. If it 
is determined that the non-operation leaving time ex- 
ceeds N hours, the process goes back to the initial state 
(S61 ) (fingerprint authentication request screen). On the 
other hand, if it is determined that the non-operation 
leaving time does not exceed N hours, the process goes 
to the next step, in which the selection menu screen is 
displayed. The determining step S66 is repeated. 
[0060] According to the Example 2 of the present in- 
vention, if the non-operation leaving time within the se- 
lection menu exceeds a predetermined time, the finger- 
print authentication is required again. Therefore, by set- 
ting the limitation for the non-operation leaving time as 
an adequate time, it is possible to prevent the mobile 
terminal 1 0 from being operated by another person with 
malicious intent. 



[0061] The fingerprint authentication explained in the 
Examples 1 and 2 is not necessarily always earned out 
successfully, even if the authenticated fingerprint is true 
and correct. Accordingly, even after the fingerprint au- 
5 thentication gives NG a plurality of times, it may be nec- 
essary to allow the user to try the authentication again 
and again to correctly identify the true individual without 
lowering the security level. 

[0062] In FIG. 12, the user of the mobile terminal 10 
10 enters the fingerprint authentication request screen 
(S71), and performs fingerprint authentication (S72). If 
the fingerprint authentication gives "OK" at step S73, the 
process goes to step S74, where it is determined how 
many times the authentication was tried until finally get- 
15 ting OK. If the authentication gave N or more times of 
NG consecutively, the process goes to step S76, for re- 
quiring password authentication (S76 through S78) in 
addition to the fingerprint authentication. On the other 
hand, if the authentication did not give N or more times 
20 of NG consecutively, the authentication finishes suc- 
cessfully. 

[0063] When the result of the fingerprint authentica- 
tion is NG (S73), it is determined whether NG happened 
consecutively more than a predetermined number of 
25 times (M times) at step S75. For example, if NG hap- 
pened more than M times (S75), the process goes to 
step S76, where collation is earned out with the previ- 
ously registered password (S76 through S78). At the 
step S75, if NG did not happen consecutively more than 
30 m times, the process returns to the fingerprint authenti- 
cation request screen, where the fingerprint authentica- 
tion will be performed again (S71 through S73). 
[0064] If the authentication by inputting password 
(S76) is NG (S78), there are two ways to go. One is to 
35 return to step S76 to input the password again (A). The 
other is to return to the fingerprint authentication request 
screen at the step S71 . The server 200 for shop enter- 
prise A can select A or B. 

[0065] As explained above, according to this Example 
40 of the present invention, even if another person with ma- 
licious intent imitates the user's fingerprint and gets OK 
at the fingerprint authentication step after trying a cer- 
tain number of times, password authentication is re- 
quired, and therefore individual authentication security 
is kept high. And in this example, in the case where the 
fingerprint authentication gives consecutive NGs for try- 
ing many times due to user's wet hand or external noise, 
the process changes to the password authentication af- 
ter more than M times of consecutive NG. 
50 [0066] In the above examples, the authentication is 
done by collating one fingerprint input by the user with 
one fingerprint previously registered. However, the 
present invention is not limited to this one-to-one colla- 
tion. For example, it is possible to collate a plurality of 
55 input fingerprints with a plurality of registered finger- 
prints, that is, a combination of fingerprints can be 
matched. Alternatively, it is possible to further require 
that the order of a sequence of fingerprints be matched 
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in addition to the combination match. In this case, the 
combination and the sequential order can be previously 
registered in a manner similar to the above example. 
For example, a plurality of fingerprints can be registered 
as shown in FIG. 13. 

[0067] In FIG. 13, the user of the mobile terminal 10 
inputs a password at step S81 . If the input password is 
authenticated to be the correct one (authentication OK) 
at step S82, fingerprints of the user are registered at 
step S83. If the input password is determined to be 
wrong (authentication NG), the process returns to pass- 
word input step S81 to require the user to again input a 
password. 

[0068] If the user's fingerprint data are successfully 
registered (S84) at the fingerprint registration step S83, 
it is determined whether the number of the registered 
fingerprint data sets reaches N or not at step S85. If it 
•is determined that the number of the registered finger- 
print data sets reaches N, the process goes to step S86. 
At step S86, the N registered fingerprint data sets are 
sequentially arranged based on a predetermined colla- 
tion order and registered with the sequential order at 
step S86. This collation order can be determined by the 
user. 

[0069] On the other hand, if the number of the regis- 
tered fingerprint data sets does not reach N, the process 
returns to step S83 to repeat the fingerprint data regis- 
tration (S83, S84) until the number of the registrations 
reaches N. 

[0070] If the user fingerprint data set is not registered 
correctly (S84) at the fingerprint data registration step 
S83, the fingerprint data registration process is per- 
formed again. 

[0071] Next, a process for authenticating a plurality of 
fingerprints will be explained with reference to the flow- 
chart shown in FIG. 14. 

[0072] In FIG. 14, after the user of the mobile terminal 
10 enters a fingerprint authentication request screen at 
step S91 , the system requires the user to input N finger- 
prints corresponding to the previously registered N fin- 
gerprints. It is assumed here that the following plural fin- 
gerprint data have been previously registered. 

(1) 2 fingerprints (N=2) 

(2) Combination: thumb's and little finger's finger- 
prints 

(3) Sequential order: the little finger and then the 
thumb 

[0073] If the fingerprint authentication request screen 
requires the user to input two fingerprints, the user in- 
puts two fingerprints for authentication at step S92. And 
if a combination and order of the input two fingerprints 
coincide with the above conditions (1 ), (2) and (3) (S93), 
the authentication is completed successfully. 
[0074] On the other hand, if a combination or order of 
the input two fingerprints does not coincide with the 
above conditions, for example if the combination of the 



inputted two fingerprints (e.g. thumb and the middle fin- 
ger) is different from the registered condition, or if the 
sequential order of inputting two fingerprints (thumb 
then the little finger) is different from the above condi- 
5 tion, the process returns to the fingerprint authentication 
request screen (S91) to require the user to input two fin- 
gerprint data sets again. 

[0075] Because a combination and order of a plurality 
of fingerprints are considered in this way, comparatively 
10 high security is obtained compared to one fingerprint au- 
thentication. 

[0076] In the above examples, the controller 23 of the 
mobile terminal 10 corresponds to an individual authen- 
tication unit, a biometric information authentication unit, 
15 a personal identification number (PIN) collation unit, an 
authentication number determining unit and a biometric 
information determining unit. A signal transmitting func- 
tion of the radio unit 21 corresponds to a transmission 
unit for transmitting the user information and a transmis- 
20 sion unit for transmitting the user's biometric informa- 
tion. An information storage function of the data memory 
25 corresponds to a biometric information registration 
unit. 

[0077] According to the above explained examples of 
25 the present invention, user ID and password (or PIN) 
are read out after biometric information authentication. 
Therefore high security can be kept while the user ID 
and password can be obtained easily, and a mobile ter- 
minal authentication method reducing the burden of the 
30 inputting operation is provided. According to another 
feature of the examples of the present invention, a mo- 
bile terminal able to be authenticated by the above 
method is provided. 

[0078] Further, the present invention is not limited to 
35 these embodiments and examples, but various varia- 
tions and modifications may be made without departing 
from the scope of the present invention. 
[0079] The present application is based on Japanese 
priority application No. 2001 -1 91 645 filed on 6/25/2001 
40 with the Japanese Patent Office, the entire contents of 
which are hereby incorporated by reference. 

Claims 

45 

1. A mobile terminal authentication method used for 
utilizing a service supplied from an information serv- 
er to a mobile terminal communicating with the in- 
formation server via a radio path, the mobile termi- 
50 nal authentication method authenticating the mo- 
bile terminal based on user information by which the 
information server identifies the mobile terminal, the 
method comprising: 

55 an authentication step by the mobile terminal, 

carrying out an authentication using biometric 
information representing a user's biometric 
characteristic and read by a reading device, 
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and previously registered user's biometric in- 
formation; and 

a transmitting step by the mobile terminal, 
transmitting the user information to the informa- 
tion server when the biometric information read 5 
by the reading device coincides with the previ- 
ously registered user's biometric information. 



2. The mobile terminal authentication method claimed 
in Claim 1, wherein 10 

the user information is information relating to 
a process of the biometric information authentica- 
tion. 

3. The mobile terminal authentication method claimed 15 
in Claim 1, wherein 

the user information includes at least either 
one of information relating to a process of the bio- 
metric information authentication and information 
representing a history of the process. (Note: I do not 20 
see an antecedent for "history" in the Detailed De- 
scription.) 



A mobile terminal authentication method used for 
utilizing a service supplied from an information serv- 
er to a mobile terminal communicating with the in- 
formation server via a radio path, the mobile termi- 
nal authentication method authenticating the mo- 
bile terminal based on a user's biometric informa- 
tion by which the information server identifies the 
mobile terminal, the method comprising: 



25 



30 



a registration step for previously registering the 
user's biometric information in the mobile ter- 
minal and the information server; 35 
an authentication step by the mobile terminal, 
carrying out an authentication using biometric 
information representing user's biometric char- 
acteristic and read by a reading device, and the 
previously registered user's biometric informa- 40 
tion; and 

a transmitting step by the mobile terminal, 
transmitting the user's biometric information 
read by the reading device to the information 
server when the biometric information read by 45 
the reading device coincides with the previous- 
ly registered user's biometric information. 

The mobile terminal authentication method claimed 

in Claim 1 , which further comprises: so 

a determining step by the mobile terminal, 
counting the number of the authentications car- 
ried out when the user's biometric information 
read by the reading device coincides with the ss 
previously registered user's biometric informa- 
tion, and determining whether the number of 
the authentications carried out exceeds a pre- 



determined number; and 
a collation step at the mobile terminal, inputting 
a personal identification number (PIN) when 
the number of the authentications carried out is 
determined to exceed the predetermined 
number, and collating the input PIN with a pre- 
viously registered PIN. 

i. The mobile terminal authentication method claimed 
in Claim 4, which further comprises: 

a determining step by the mobile terminal, 
counting the number of the authentications car- 
ried out when the user's biometric information 
read by the reading device coincides with the 
previously registered user's biometric informa- 
tion, and determining whether the number of 
the authentications carried out exceeds a pre- 
determined number; and 
a collation step at the mobile terminal, inputting 
a personal identification number (PIN) when 
the number of the authentications carried out is 
determined to exceed the predetermined 
number, and collating the input PIN with a pre- 
viously registered PIN. 

7. The mobile terminal authentication method claimed 
in Claim 1 , wherein, 

the mobile terminal previously registers a 
combination and sequence of a plurality of user's 
biometric information sets as the user's biometric 
information; 

the mobile terminal carries out the authenti- 
cation using the previously registered user's bio- 
metric information and a plurality of user's biometric 
information sets read by the reading device; and 

the mobile terminal considers the user to be 
an authorized user when the plurality of user's bio- 
metric information sets read by the reading device 
are determined to coincide with the previously reg- 
istered user's biometric information. 

8. The mobile terminal authentication method claimed 
in Claim 4, wherein, 

the mobile terminal previously registers a 
combination and sequence of a plurality of user's 
biometric information sets as the user's biometric 
information; 

the mobile terminal carries out the authenti- 
cation using the previously registered user's bio- 
metric information and a plurality of user's biometric 
information sets read by the reading device; and 

the mobile terminal considers the user to be 
an authorized user when the plurality of user's bio- 
metric information sets read by the reading device 
are determined to coincide with the previously reg- 
istered user's biometric information. 
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9. A mobile terminal communicating with an informa- 
tion server via a radio path to utilize a service sup- 
plied from the information server, the mobile termi- 
nal being authenticated by the information server 
based on user information by which the information 
server identifies the mobile terminal, the mobile ter- 
minal comprising: 

an individual authentication unit for carrying out 
an authentication using biometric information 
representing a user's biometric characteristic 
and read by a reading device, and previously 
registered user's biometric information; and 
a transmission unit for transmitting the user in- 
formation to the information server when the bi- 
ometric information read by the reading device 
is considered to coincide with the previously 
registered user's biometric information. 



an authentication number determining unit for 
counting the number of the authentications car- 
ried out when the user's biometric information 
read by the reading device coincides with the 

5 previously registered user's biometric informa- 

tion, and determining whether the number of 
the authentications carried out exceeds a pre- 
determined number; and 
a personal identification number(PIN) collation 

10 unit for receiving a PIN when the number of au- 

thentications carried out is determined to ex- 
ceed the predetermined number, and collating 
the received PIN with a previously registered 
PIN. 

15 

1 4. The mobile terminal claimed in Claim 1 2, which fur- 
ther comprises: 

an authentication number determining unit for 
counting the number of the authentication car- 
ried out when the user's biometric information 
read by the reading device coincides with the 
previously registered user's biometric informa- 
tion, and determining whether the number of 
the authentications carried out exceeds a pre- 
determined number; and 
a personal identification number(PIN) collation 
unit for receiving a PIN when the number of the 
authentications carried out was determined to 
exceed the predetermined number, and collat- 
ing the received PIN with a previously regis- 
tered PIN. 



10. The mobile terminal claimed in Claim 9, wherein 20 

the transmission unit transmits information re- 
lating to a process of the biometric information au- 
thentication as the user information to the informa- 
tion server. 

25 

11. The mobile terminal claimed in Claim 9, wherein 

the transmission unit transmits at least either 
one of information relating to a process of the bio- 
metric information authentication and information 
representing a history (see Note at Claim 3 regard- 30 
ing "history") of the process as the user information 
to the information server. 



12. A mobile terminal communicating with an informa- 
tion server via a radio path to utilize a service sup- 35 
plied from the information server, the mobile termi- 
nal being authenticated by the information server 
based on a user's biometric information by which 

the information server identifies the mobile terminal, 
the user's biometric information being previously 40 
registered in the mobile terminal and the informa- 
tion server, the mobile terminal comprising: 

an individual authentication unit for carrying out 
an authentication using user's biometric infor- 4$ 
mation read by a reading device, and the pre- 
viously registered user's biometric information; 
and 

a transmission unit for transmitting the user's 
biometric information read by the reading de- 50 
vice to the information server when the user's 
biometric information read by the reading de- 
vice is considered to coincide with the previous- 
ly registered user's biometric information. 

55 

13. The mobile terminal claimed in Claim 9, which fur- 
ther comprises: 



15. The mobile terminal claimed in Claim 9, which fur- 
ther comprises, 

a biometric information registration unit for 
registering a combination and sequence of a plural- 
ity of user's biometric information sets as the user's 
biometric information; 

a biometric information authentication unit for 
carrying out the authentication using the previously 
registered user's biometric information and a plural- 
ity of user's biometric information sets read by the 
reading device; and 

a biometric information determining unit for 
determining whetherthe plurality of user's biometric 
information sets read by the reading device coin- 
cides with the previously registered user's biometric 
information. 

1 6. The mobile terminal claimed in Claim 1 2, which fur- 
ther comprises, 

a biometric information registration unit for 
registering a combination and sequence of a plural- 
ity of user's biometric information sets as the user's 
biometric information; 

a biometric information authentication unit for 
carrying out the authentication using the previously 
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registered user's biometric information and a plural- 
ity of user's biometric information sets read by the 
reading device; and 

a biometric information determining unit for 
determining whetherthe plurality of user's biometric 5 
information sets read by the reading device coin- 
cides with the previously registered user's biometric 
information. 
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